diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0d79695..7d6630c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -16,7 +16,8 @@ stages: - run-setup - run-setup-digitalocean - run-management-update - - run-patchday + - run-patchday-elastic-postgres + - run-patchday-all-k8s - run-hcloud-firewall lint-job: @@ -264,8 +265,7 @@ run-management-update-prodnso: .run-patchday: extends: .run-ansible - stage: run-patchday - script: + before_script: - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )" - eval $(ssh-agent -s) - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' 
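Review bot: A job that extends `.run-patchday` and still defines its own `before_script:` will now silently lose the SSH agent and key setup, because `extends` replaces list values instead of appending to them. Every job visible in this diff was converted to `script:`, but nothing in the file states that contract. I would add a comment above the template, for example `# SSH setup lives in before_script; extending jobs must define script: and must not define before_script:`. The template body continues past this hunk.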
@@ -273,54 +273,215 @@ run-management-update-prodnso: - chmod 0700 ~/.ssh - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - ssh-add -L + timeout: 2h + +run-patchday-elastic-dev: + extends: .run-patchday + stage: run-patchday-elastic-postgres + resource_group: dev + script: + - export STAGE=dev - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci + - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'elastic' after_script: - rm /tmp/vault-pass - timeout: 2h + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main" -run-patchday-dev: +run-patchday-postgres-dev: extends: .run-patchday + stage: run-patchday-elastic-postgres resource_group: dev - before_script: + script: + - export STAGE=dev + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'postgres' + after_script: + - rm /tmp/vault-pass + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main" + +run-patchday-all-dev: + extends: .run-patchday + stage: run-patchday-all-k8s + resource_group: dev + script: + - export STAGE=dev + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!elastic:!postgres:!k8s_cluster' + after_script: + - rm /tmp/vault-pass + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main" + +run-patchday-k8s-dev: + extends: .run-patchday + stage: run-patchday-all-k8s + resource_group: 
dev + script: - export STAGE=dev + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster' + after_script: + - rm /tmp/vault-pass rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main" -run-patchday-devscr: +run-patchday-k8s-devscr: extends: .run-patchday + stage: run-patchday-all-k8s resource_group: devscr - before_script: + script: - export STAGE=devscr + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - echo "${ANSIBLE_VAULT_PASS_DEVSCR}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster' + after_script: + - rm /tmp/vault-pass rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main" -run-patchday-qa: +run-patchday-elastic-qa: extends: .run-patchday + stage: run-patchday-elastic-postgres resource_group: qa - before_script: + script: + - export STAGE=qa + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'elastic' + after_script: + - rm /tmp/vault-pass + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa" + +run-patchday-postgres-qa: + extends: .run-patchday + stage: run-patchday-elastic-postgres + resource_group: qa + script: + - export STAGE=qa + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'postgres' + after_script: + - rm /tmp/vault-pass + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa" + +run-patchday-all-qa: + 
extends: .run-patchday + stage: run-patchday-all-k8s + resource_group: qa + script: - export STAGE=qa + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!elastic:!postgres:!k8s_cluster' + after_script: + - rm /tmp/vault-pass rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa" -run-patchday-prodnso: +run-patchday-k8s-qa: extends: .run-patchday + stage: run-patchday-all-k8s + resource_group: qa + script: + - export STAGE=qa + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster' + after_script: + - rm /tmp/vault-pass + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa" + +run-patchday-elastic-prodnso: + extends: .run-patchday + stage: run-patchday-elastic-postgres resource_group: prodnso - before_script: + script: + - export STAGE=prodnso + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'elastic' + after_script: + - rm /tmp/vault-pass + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" + +run-patchday-postgres-prodnso: + extends: .run-patchday + stage: run-patchday-elastic-postgres + resource_group: prodnso + script: + - export STAGE=prodnso + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'postgres' + after_script: + - rm /tmp/vault-pass + rules: + 
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" + +run-patchday-all-prodnso: + extends: .run-patchday + stage: run-patchday-all-k8s + resource_group: prodnso + script: - export STAGE=prodnso + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!elastic:!postgres:!k8s_cluster' + after_script: + - rm /tmp/vault-pass + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" + +run-patchday-k8s-prodnso: + extends: .run-patchday + stage: run-patchday-all-k8s + resource_group: prodnso + script: + - export STAGE=prodnso + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster' + after_script: + - rm /tmp/vault-pass + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" + +run-patchday-all-prodwork01: + extends: .run-patchday + stage: run-patchday-all-k8s + resource_group: prodwork01 + script: + - export STAGE=prodwork01 + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!k8s_cluster' + after_script: + - rm /tmp/vault-pass rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" -run-patchday-prodwork01: +run-patchday-k8s-prodwork01: extends: .run-patchday + stage: run-patchday-all-k8s resource_group: prodwork01 - before_script: + script: - export STAGE=prodwork01 + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass + - ansible-playbook -i 
stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster' + after_script: + - rm /tmp/vault-pass rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" @@ -429,7 +590,7 @@ run-setup-digitalocean: run-patchday-dev-digitalocean: extends: .run-ansible - stage: run-patchday + stage: run-patchday-all-k8s before_script: - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass script:
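Review bot: Every new `script:` in the `run-patchday-*` jobs writes the vault password with `echo "${ANSIBLE_VAULT_PASS_…}" > /tmp/vault-pass`, a fixed path created under the default umask. On a runner where jobs share a filesystem, other local users may be able to read the file, and jobs in different resource groups (dev and devscr both run on `main`) could overwrite each other's copy. The `/.dockerenv` test in the template suggests non-container runners are possible, so I would put `umask 077` before the `echo` in each job, or make the variables File-type and pass their path to `--vault-password-file`, and use `rm -f /tmp/vault-pass` in `after_script`. Separately, devscr now has only `run-patchday-k8s-devscr` with `--limit 'k8s_cluster'`, so any devscr host outside that group would no longer be patched; if such hosts exist, a `run-patchday-all-devscr` job modelled on `run-patchday-all-prodwork01` is needed. The prodwork01 jobs still read `ANSIBLE_VAULT_PASS_PRODNSO` and trigger on the `prodnso` branch, which deserves a short comment if it is intentional.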